[ 71.430488][ T44] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.146' (ED25519) to the list of known hosts.
2025/01/30 09:58:19 ignoring optional flag "sandboxArg"="0"
2025/01/30 09:58:19 parsed 1 programs
[ 76.449019][ T4218] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 78.708827][ T4248] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.717190][ T4248] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.725461][ T4248] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.733732][ T4248] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 83.102554][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.110461][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.131790][ T1821] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.139821][ T1821] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/01/30 09:58:29 executed programs: 0
[ 85.233429][ T4695] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 85.242770][ T4695] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 85.254933][ T4695] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 85.264584][ T4695] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 89.983662][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.991693][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 90.016058][ T1821] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 90.024109][ T1821] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/01/30 09:58:36 executed programs: 2
[ 90.277518][ T5419] loop2: detected capacity change from 0 to 32768
[ 90.303363][ T5419] ==================================================================
[ 90.311644][ T5419] BUG: KASAN: slab-use-after-free in diWrite+0xac8/0x14a0
[ 90.318790][ T5419] Write of size 32 at addr ffff8881182280c0 by task syz.2.15/5419
[ 90.326709][ T5419]
[ 90.329075][ T5419] CPU: 1 UID: 0 PID: 5419 Comm: syz.2.15 Not tainted 6.13.0-syzkaller #0
[ 90.329096][ T5419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 90.329110][ T5419] Call Trace:
[ 90.329117][ T5419]
[ 90.329123][ T5419] dump_stack_lvl+0x231/0x330
[ 90.329148][ T5419] ? __pfx_dump_stack_lvl+0x10/0x10
[ 90.329168][ T5419] ? __pfx__printk+0x10/0x10
[ 90.329189][ T5419] ? _printk+0xd5/0x120
[ 90.329208][ T5419] ? __virt_addr_valid+0x169/0x380
[ 90.329225][ T5419] print_report+0x169/0x550
[ 90.329243][ T5419] ? __virt_addr_valid+0x169/0x380
[ 90.329259][ T5419] ? __virt_addr_valid+0x2c1/0x380
[ 90.329276][ T5419] ? __phys_addr+0x90/0x130
[ 90.329291][ T5419] ? diWrite+0xac8/0x14a0
[ 90.329310][ T5419] kasan_report+0x143/0x180
[ 90.329327][ T5419] ? diWrite+0xac8/0x14a0
[ 90.329347][ T5419] kasan_check_range+0x282/0x290
[ 90.329365][ T5419] ? diWrite+0xac8/0x14a0
[ 90.329383][ T5419] __asan_memcpy+0x40/0x70
[ 90.329399][ T5419] diWrite+0xac8/0x14a0
[ 90.329419][ T5419] txCommit+0xa1a/0x6a50
[ 90.329439][ T5419] ? add_index+0x30e/0x1400
[ 90.329455][ T5419] ? __pfx_add_index+0x10/0x10
[ 90.329471][ T5419] ? __pfx_txCommit+0x10/0x10
[ 90.329490][ T5419] ? rcu_is_watching+0x1f/0xa0
[ 90.329511][ T5419] ? __mark_inode_dirty+0x33e/0xc40
[ 90.329531][ T5419] add_missing_indices+0x857/0xb80
[ 90.329549][ T5419] ? __pfx_add_missing_indices+0x10/0x10
[ 90.329565][ T5419] ? set_page_refcounted+0xa1/0x1e0
[ 90.329585][ T5419] ? alloc_pages_noprof+0x121/0x160
[ 90.329605][ T5419] jfs_readdir+0x1fa4/0x3bc0
[ 90.329622][ T5419] ? __pfx_jfs_readdir+0x10/0x10
[ 90.329639][ T5419] ? down_write+0x12e/0x190
[ 90.329660][ T5419] ? __pfx_down_write+0x10/0x10
[ 90.329682][ T5419] ? do_sys_openat2+0x17a/0x1d0
[ 90.329702][ T5419] ? __pfx_jfs_readdir+0x10/0x10
[ 90.329717][ T5419] wrap_directory_iterator+0x91/0xd0
[ 90.329734][ T5419] iterate_dir+0x596/0x740
[ 90.329749][ T5419] __se_sys_getdents64+0x1d2/0x4a0
[ 90.329767][ T5419] ? __pfx___se_sys_getdents64+0x10/0x10
[ 90.329783][ T5419] ? __pfx_filldir64+0x10/0x10
[ 90.329799][ T5419] ? switch_fpu_return+0x10f/0x180
[ 90.329819][ T5419] do_syscall_64+0x8d/0x190
[ 90.329839][ T5419] ? clear_bhb_loop+0x35/0x90
[ 90.329858][ T5419] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.329881][ T5419] RIP: 0033:0x7f03bd57e819
[ 90.329901][ T5419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 90.329915][ T5419] RSP: 002b:00007f03bd3f9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 90.329939][ T5419] RAX: ffffffffffffffda RBX: 00007f03bd735fa0 RCX: 00007f03bd57e819
[ 90.329950][ T5419] RDX: 0000000000001000 RSI: 00000000200038c0 RDI: 0000000000000005
[ 90.329960][ T5419] RBP: 00007f03bd5f175e R08: 0000000000000000 R09: 0000000000000000
[ 90.329970][ T5419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 90.329980][ T5419] R13: 0000000000000000 R14: 00007f03bd735fa0 R15: 00007ffcafc49828
[ 90.329992][ T5419]
[ 90.329998][ T5419]
[ 90.630437][ T5419] Allocated by task 5101:
[ 90.634836][ T5419] kasan_save_track+0x3f/0x80
[ 90.639503][ T5419] __kasan_slab_alloc+0x66/0x80
[ 90.644340][ T5419] kmem_cache_alloc_noprof+0x1b9/0x410
[ 90.649780][ T5419] alloc_empty_file+0x9e/0x1d0
[ 90.654621][ T5419] path_openat+0x102/0x3510
[ 90.659117][ T5419] do_filp_open+0x27f/0x4e0
[ 90.663604][ T5419] do_open_execat+0x165/0x4f0
[ 90.668263][ T5419] alloc_bprm+0x2a/0xb80
[ 90.672497][ T5419] kernel_execve+0xa2/0x7e0
[ 90.677081][ T5419] call_usermodehelper_exec_async+0x232/0x380
[ 90.683221][ T5419] ret_from_fork+0x4b/0x80
[ 90.687627][ T5419] ret_from_fork_asm+0x1a/0x30
[ 90.692378][ T5419]
[ 90.694698][ T5419] Freed by task 16:
[ 90.698482][ T5419] kasan_save_track+0x3f/0x80
[ 90.703145][ T5419] kasan_save_free_info+0x40/0x50
[ 90.708164][ T5419] __kasan_slab_free+0x59/0x70
[ 90.712911][ T5419] slab_free_after_rcu_debug+0x127/0x280
[ 90.718545][ T5419] rcu_core+0xcb3/0x1630
[ 90.722776][ T5419] handle_softirqs+0x1ba/0x580
[ 90.727536][ T5419] run_ksoftirqd+0x28/0x40
[ 90.731959][ T5419] smpboot_thread_fn+0x460/0x8e0
[ 90.736976][ T5419] kthread+0x695/0x780
[ 90.741089][ T5419] ret_from_fork+0x4b/0x80
[ 90.745622][ T5419] ret_from_fork_asm+0x1a/0x30
[ 90.750380][ T5419]
[ 90.752693][ T5419] Last potentially related work creation:
[ 90.758402][ T5419] kasan_save_stack+0x3f/0x60
[ 90.763092][ T5419] kasan_record_aux_stack+0xaa/0xc0
[ 90.768285][ T5419] kmem_cache_free+0x2bd/0x470
[ 90.773038][ T5419] task_work_run+0x24f/0x300
[ 90.777615][ T5419] do_exit+0xa61/0x2ca0
[ 90.781758][ T5419] do_group_exit+0x207/0x2c0
[ 90.786419][ T5419] __x64_sys_exit_group+0x3f/0x40
[ 90.791525][ T5419] x64_sys_call+0x26a8/0x26b0
[ 90.796209][ T5419] do_syscall_64+0x8d/0x190
[ 90.800703][ T5419] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.806948][ T5419]
[ 90.809260][ T5419] Second to last potentially related work creation:
[ 90.815915][ T5419] kasan_save_stack+0x3f/0x60
[ 90.820579][ T5419] kasan_record_aux_stack+0xaa/0xc0
[ 90.825777][ T5419] task_work_add+0xbf/0x420
[ 90.830284][ T5419] fput+0x17a/0x290
[ 90.834086][ T5419] __mmput+0x1d1/0x410
[ 90.838185][ T5419] exit_mm+0x132/0x200
[ 90.842250][ T5419] do_exit+0x923/0x2ca0
[ 90.846390][ T5419] do_group_exit+0x207/0x2c0
[ 90.851054][ T5419] __x64_sys_exit_group+0x3f/0x40
[ 90.856062][ T5419] x64_sys_call+0x26a8/0x26b0
[ 90.860752][ T5419] do_syscall_64+0x8d/0x190
[ 90.865245][ T5419] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.871123][ T5419]
[ 90.873453][ T5419] The buggy address belongs to the object at ffff888118228000
[ 90.873453][ T5419]  which belongs to the cache filp of size 360
[ 90.886880][ T5419] The buggy address is located 192 bytes inside of
[ 90.886880][ T5419]  freed 360-byte region [ffff888118228000, ffff888118228168)
[ 90.900656][ T5419]
[ 90.902963][ T5419] The buggy address belongs to the physical page:
[ 90.909351][ T5419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118228
[ 90.918200][ T5419] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 90.926857][ T5419] memcg:ffff888104f51d01
[ 90.931078][ T5419] flags: 0x100000000000040(head|node=0|zone=2)
[ 90.937230][ T5419] page_type: f5(slab)
[ 90.941195][ T5419] raw: 0100000000000040 ffff888100ecbc80 dead000000000100 dead000000000122
[ 90.949758][ T5419] raw: 0000000000000000 0000000000120012 00000000f5000000 ffff888104f51d01
[ 90.958334][ T5419] head: 0100000000000040 ffff888100ecbc80 dead000000000100 dead000000000122
[ 90.966993][ T5419] head: 0000000000000000 0000000000120012 00000000f5000000 ffff888104f51d01
[ 90.975830][ T5419] head: 0100000000000001 ffffea0004608a01 ffffffffffffffff 0000000000000000
[ 90.984481][ T5419] head: ffff888100000002 0000000000000000 00000000ffffffff 0000000000000000
[ 90.993128][ T5419] page dumped because: kasan: bad access detected
[ 90.999539][ T5419] page_owner tracks the page as allocated
[ 91.005245][ T5419] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3649, tgid 3649 (modprobe), ts 50209556072, free_ts 50044243868
[ 91.026243][ T5419] post_alloc_hook+0x108/0x120
[ 91.031000][ T5419] get_page_from_freelist+0x46dc/0x48b0
[ 91.036534][ T5419] __alloc_frozen_pages_noprof+0x256/0x650
[ 91.042329][ T5419] alloc_pages_mpol+0x311/0x630
[ 91.047170][ T5419] allocate_slab+0x8b/0x350
[ 91.051662][ T5419] ___slab_alloc+0x9f6/0x1130
[ 91.056329][ T5419] kmem_cache_alloc_noprof+0x279/0x410
[ 91.061771][ T5419] alloc_empty_file+0x9e/0x1d0
[ 91.066520][ T5419] path_openat+0x102/0x3510
[ 91.071006][ T5419] do_filp_open+0x27f/0x4e0
[ 91.075596][ T5419] do_sys_openat2+0x13e/0x1d0
[ 91.080358][ T5419] __x64_sys_openat+0x247/0x2a0
[ 91.085195][ T5419] do_syscall_64+0x8d/0x190
[ 91.089689][ T5419] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.095568][ T5419] page last free pid 3368 tgid 3368 stack trace:
[ 91.101872][ T5419] free_frozen_pages+0xc07/0xe80
[ 91.106817][ T5419] __mmdrop+0x59/0x360
[ 91.110877][ T5419] finish_task_switch+0x3d3/0x870
[ 91.115891][ T5419] __schedule+0x1752/0x2440
[ 91.120380][ T5419] schedule+0x112/0x2f0
[ 91.124517][ T5419] schedule_timeout+0xb0/0x260
[ 91.129265][ T5419] wait_for_common+0x3a4/0x650
[ 91.134063][ T5419] wait_for_completion_state+0x15/0x30
[ 91.139542][ T5419] call_usermodehelper_exec+0x3cb/0x4a0
[ 91.145341][ T5419] __request_module+0x3b3/0x590
[ 91.150181][ T5419] dev_load+0x98/0xf0
[ 91.154149][ T5419] dev_ioctl+0x531/0x1230
[ 91.158464][ T5419] sock_do_ioctl+0x240/0x460
[ 91.163041][ T5419] sock_ioctl+0x56b/0x870
[ 91.167408][ T5419] __se_sys_ioctl+0xf5/0x170
[ 91.172104][ T5419] do_syscall_64+0x8d/0x190
[ 91.176617][ T5419]
[ 91.178929][ T5419] Memory state around the buggy address:
[ 91.184561][ T5419]  ffff888118227f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.192611][ T5419]  ffff888118228000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.200657][ T5419] >ffff888118228080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.208705][ T5419]                                            ^
[ 91.214927][ T5419]  ffff888118228100: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 91.222973][ T5419]  ffff888118228180: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 91.231021][ T5419] ==================================================================
[ 91.240181][ T5419] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 91.247638][ T5419] Kernel Offset: disabled
[ 91.251958][ T5419] Rebooting in 86400 seconds..
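Reading a report like the one above by hand means subtracting the object base from the faulting address and then locating that granule in the shadow rows. The script below is an added triage helper, not part of the syzkaller output or of the kernel; it parses the generic-mode KASAN fields and decodes the shadow byte of every 8-byte granule the access touched. The shadow values (fa, fb, fc, ...) are taken from mm/kasan/kasan.h, the assumption that each dumped row covers 16 granules (128 bytes) matches how KASAN prints the "Memory state" block, and the sample input is copied from the report on this page with its dmesg prefixes.

```python
"""Decode a generic-mode KASAN report: which slab object was hit, at what
offset, and what the shadow byte says about each 8-byte granule touched."""
import re

# Generic KASAN shadow values (mm/kasan/kasan.h); one byte per 8-byte granule.
POISON = {0xfa: "freed slab object (free-track metadata granule)", 0xfb: "freed slab object",
          0xfc: "slab redzone", 0xfe: "page redzone", 0xff: "freed page",
          0xf1: "stack left redzone", 0xf2: "stack mid redzone", 0xf3: "stack right redzone",
          0xf9: "global redzone"}


def shadow_meaning(b):
    if b == 0:
        return "addressable"
    if 1 <= b <= 7:
        return "partially addressable (%d of 8 bytes)" % b
    return POISON.get(b, "unknown poison 0x%02x" % b)


# Lines copied from the report on this page, dmesg prefixes included (not constructed).
SAMPLE = """\
[ 90.311644][ T5419] BUG: KASAN: slab-use-after-free in diWrite+0xac8/0x14a0
[ 90.318790][ T5419] Write of size 32 at addr ffff8881182280c0 by task syz.2.15/5419
[ 90.873453][ T5419] The buggy address belongs to the object at ffff888118228000
[ 90.873453][ T5419]  which belongs to the cache filp of size 360
[ 90.886880][ T5419] The buggy address is located 192 bytes inside of
[ 90.886880][ T5419]  freed 360-byte region [ffff888118228000, ffff888118228168)
[ 91.178929][ T5419] Memory state around the buggy address:
[ 91.184561][ T5419]  ffff888118227f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.192611][ T5419]  ffff888118228000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.200657][ T5419] >ffff888118228080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.214927][ T5419]  ffff888118228100: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 91.222973][ T5419]  ffff888118228180: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")  # strips "[ 90.311644][ T5419] "
FIELDS = {
    "bug": re.compile(r"BUG: KASAN: (?P<type>[\w-]+) in (?P<func>\S+)"),
    "access": re.compile(r"(?P<kind>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)"),
    "object": re.compile(r"belongs to the object at (?P<base>[0-9a-f]+)"),
    "cache": re.compile(r"belongs to the cache (?P<name>\S+) of size (?P<size>\d+)"),
    "located": re.compile(r"is located (?P<off>\d+) bytes (?P<where>inside|to the right|to the left) of"),
    "region": re.compile(r"(?P<freed>freed )?(?P<size>\d+)-byte region \[(?P<start>[0-9a-f]+), (?P<end>[0-9a-f]+)\)"),
}
# Shadow rows look like " ffff888118228000: fa fb ..."; the guilty row is prefixed with ">".
SHADOW_ROW = re.compile(r"^>?\s*(?P<base>[0-9a-f]{16}): (?P<bytes>[0-9a-f]{2}(?: [0-9a-f]{2}){15})$")


def parse_kasan_report(text):
    found, shadow = {}, {}
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).rstrip()
        m = SHADOW_ROW.match(line)
        if m:
            shadow[int(m["base"], 16)] = [int(b, 16) for b in m["bytes"].split()]
            continue
        for key, pat in FIELDS.items():
            m = pat.search(line)
            if m:
                found[key] = m.groupdict()
    missing = [k for k in FIELDS if k not in found]
    if missing:
        raise ValueError("incomplete KASAN report, missing: " + ", ".join(missing))
    acc, reg, cache = found["access"], found["region"], found["cache"]
    return {"bug_type": found["bug"]["type"], "function": found["bug"]["func"],
            "kind": acc["kind"], "size": int(acc["size"]), "addr": int(acc["addr"], 16),
            "task": acc["task"], "object_base": int(found["object"]["base"], 16),
            "cache": cache["name"], "object_size": int(cache["size"]),
            "reported_offset": int(found["located"]["off"]),
            "reported_where": found["located"]["where"],
            "region_freed": reg["freed"] is not None,
            "region": (int(reg["start"], 16), int(reg["end"], 16)), "shadow": shadow}


def decode_access(rep):
    """Look up every 8-byte granule of the access in the dumped shadow rows."""
    addr, size = rep["addr"], rep["size"]
    start, end = rep["region"]
    granules = []
    for g in range(addr & ~7, addr + size, 8):
        row = g & ~0x7f                      # a dumped row covers 16 granules = 128 bytes
        row_bytes = rep["shadow"].get(row)
        b = row_bytes[(g - row) // 8] if row_bytes else None
        granules.append((g, b, shadow_meaning(b) if b is not None else "row not dumped"))
    offset = addr - rep["object_base"]
    return {"offset_in_object": offset,
            "offset_matches_report": offset == rep["reported_offset"] and rep["reported_where"] == "inside",
            "access_within_region": start <= addr and addr + size <= end,
            "granules": granules,
            "all_freed": all(b in (0xfa, 0xfb) for _, b, _ in granules)}


def summarize(rep, dec):
    shadow = " ".join("??" if b is None else "%02x" % b for _, b, _ in dec["granules"])
    return "%s of %d bytes in %s at offset %d of a %s %d-byte %s object; shadow: %s" % (
        rep["kind"], rep["size"], rep["function"], dec["offset_in_object"],
        "freed" if rep["region_freed"] else "live", rep["object_size"], rep["cache"], shadow)


if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE)
    print(summarize(r, decode_access(r)))
```

On this report the decoder confirms what the kernel printed: 0xffff8881182280c0 - 0xffff888118228000 = 192, all four granules of the 32-byte write sit in fb (freed slab object) shadow, and the fc redzone in the dump begins at offset 0x168 = 360, exactly where the 360-byte filp object ends. The fa byte at the object's first granule is where KASAN keeps the free-track metadata for the freed object, which is why the "Freed by" stack is available.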